Class DoSFilter
- java.lang.Object
-
- org.eclipse.jetty.servlets.DoSFilter
-
- All Implemented Interfaces:
javax.servlet.Filter
- Direct Known Subclasses:
CloseableDoSFilter
@ManagedObject("limits exposure to abuse from request flooding, whether malicious, or as a result of a misconfigured client") public class DoSFilter extends java.lang.Object implements javax.servlet.Filter
Denial of Service filterThis filter is useful for limiting exposure to abuse from request flooding, whether malicious, or as a result of a misconfigured client.
The filter keeps track of the number of requests from a connection per second. If a limit is exceeded, the request is either rejected, delayed, or throttled.
When a request is throttled, it is placed in a priority queue. Priority is given first to authenticated users and users with an HttpSession, then connections which can be identified by their IP addresses. Connections with no way to identify them are given lowest priority.
The
extractUserId(ServletRequest request)
function should be implemented, in order to uniquely identify authenticated users.The following init parameters control the behavior of the filter:
- maxRequestsPerSec
- the maximum number of requests from a connection per second. Requests in excess of this are first delayed, then throttled.
- delayMs
- is the delay given to all requests over the rate limit, before they are considered at all. -1 means just reject request, 0 means no delay, otherwise it is the delay.
- maxWaitMs
- how long to blocking wait for the throttle semaphore.
- throttledRequests
- is the number of requests over the rate limit able to be considered at once.
- throttleMs
- how long to async wait for semaphore.
- maxRequestMs
- how long to allow this request to run.
- maxIdleTrackerMs
- how long to keep track of request rates for a connection, before deciding that the user has gone away, and discarding it
- insertHeaders
- if true , insert the DoSFilter headers into the response. Defaults to true.
- trackSessions
- if true, usage rate is tracked by session if a session exists. Defaults to true.
- remotePort
- if true and session tracking is not used, then rate is tracked by IP+port (effectively connection). Defaults to false.
- ipWhitelist
- a comma-separated list of IP addresses that will not be rate limited
- managedAttr
- if set to true, then this servlet is set as a
ServletContext
attribute with the filter name as the attribute name. This allows context external mechanism (eg JMX viaContextHandler.MANAGED_ATTRIBUTES
) to manage the configuration of the filter. - tooManyCode
- The status code to send if there are too many requests. By default is 429 (too many requests), but 503 (Unavailable) is another option
This filter should be configured for
DispatcherType.REQUEST
andDispatcherType.ASYNC
and with<async-supported>true</async-supported>
.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
DoSFilter.Action
private class
DoSFilter.DoSAsyncListener
private static class
DoSFilter.DoSTimeoutAsyncListener
private static class
DoSFilter.FixedRateTracker
static class
DoSFilter.Listener
Listener for actions taken against specific requests.static interface
DoSFilter.OverLimit
(package private) static class
DoSFilter.RateTracker
A RateTracker is associated with a connection, and stores request rate data.static class
DoSFilter.RateType
-
Field Summary
Fields Modifier and Type Field Description private static int
__DEFAULT_DELAY_MS
private static long
__DEFAULT_MAX_IDLE_TRACKER_MS_INIT_PARAM
private static long
__DEFAULT_MAX_REQUEST_MS_INIT_PARAM
private static int
__DEFAULT_MAX_REQUESTS_PER_SEC
private static int
__DEFAULT_MAX_WAIT_MS
private static int
__DEFAULT_THROTTLE
private static long
__DEFAULT_THROTTLE_MS
private static java.lang.String
__THROTTLED
private static java.lang.String
__TRACKER
private javax.servlet.ServletContext
_context
private long
_delayMs
private boolean
_enabled
private boolean
_insertHeaders
private DoSFilter.Listener
_listener
private java.util.Map<DoSFilter.RateType,javax.servlet.AsyncListener>
_listeners
private long
_maxIdleTrackerMs
private long
_maxRequestMs
private int
_maxRequestsPerSec
private long
_maxWaitMs
private java.lang.String
_name
private java.util.concurrent.Semaphore
_passes
private java.util.Map<DoSFilter.RateType,java.util.Queue<javax.servlet.AsyncContext>>
_queues
private java.util.concurrent.ConcurrentHashMap<java.lang.String,DoSFilter.RateTracker>
_rateTrackers
private boolean
_remotePort
private java.lang.String
_resumed
private Scheduler
_scheduler
private java.lang.String
_suspended
private int
_throttledRequests
private long
_throttleMs
private int
_tooManyCode
private boolean
_trackSessions
private java.util.List<java.lang.String>
_whitelist
private static java.util.regex.Pattern
CIDR_PATTERN
(package private) static java.lang.String
DELAY_MS_INIT_PARAM
(package private) static java.lang.String
ENABLED_INIT_PARAM
(package private) static java.lang.String
INSERT_HEADERS_INIT_PARAM
(package private) static java.lang.String
IP_WHITELIST_INIT_PARAM
private static java.lang.String
IPv4_GROUP
private static java.util.regex.Pattern
IPv4_PATTERN
private static java.lang.String
IPv6_GROUP
private static java.util.regex.Pattern
IPv6_PATTERN
private static Logger
LOG
(package private) static java.lang.String
MANAGED_ATTR_INIT_PARAM
(package private) static java.lang.String
MAX_IDLE_TRACKER_MS_INIT_PARAM
(package private) static java.lang.String
MAX_REQUEST_MS_INIT_PARAM
(package private) static java.lang.String
MAX_REQUESTS_PER_S_INIT_PARAM
(package private) static java.lang.String
MAX_WAIT_INIT_PARAM
(package private) static java.lang.String
REMOTE_PORT_INIT_PARAM
(package private) static java.lang.String
THROTTLE_MS_INIT_PARAM
(package private) static java.lang.String
THROTTLED_REQUESTS_INIT_PARAM
(package private) static java.lang.String
TOO_MANY_CODE
(package private) static java.lang.String
TRACK_SESSIONS_INIT_PARAM
-
Constructor Summary
Constructors Constructor Description DoSFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description private byte[]
addressToBytes(java.lang.String address)
private void
addToRateTracker(DoSFilter.RateTracker tracker)
boolean
addWhitelistAddress(java.lang.String address)
Adds the given IP address, either in the form of a dotted decimal notation A.B.C.D or in the CIDR notation A.B.C.D/M, to the list of whitelisted IP addresses.private boolean
addWhitelistAddress(java.util.List<java.lang.String> list, java.lang.String address)
protected boolean
checkWhitelist(java.lang.String candidate)
protected boolean
checkWhitelist(java.util.List<java.lang.String> whitelist, java.lang.String candidate)
Deprecated.void
clearWhitelist()
Clears the list of whitelisted IP addressesprotected void
closeConnection(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.Thread thread)
Deprecated.private java.lang.String
createRemotePortId(javax.servlet.ServletRequest request)
void
destroy()
protected void
doFilter(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain)
void
doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain)
protected void
doFilterChain(javax.servlet.FilterChain chain, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
protected java.lang.String
extractUserId(javax.servlet.ServletRequest request)
Returns the user id, used to track this connection.long
getDelayMs()
Get delay (in milliseconds) that is applied to all requests over the rate limit, before they are considered at all.DoSFilter.Listener
getListener()
long
getMaxIdleTrackerMs()
Get maximum amount of time (in milliseconds) to keep track of request rates for a connection, before deciding that the user has gone away, and discarding it.protected DoSFilter.RateType
getMaxPriority()
long
getMaxRequestMs()
Get maximum amount of time (in milliseconds) to allow the request to process.int
getMaxRequestsPerSec()
Get maximum number of requests from a connection per second.long
getMaxWaitMs()
Get maximum amount of time (in milliseconds) the filter will blocking wait for the throttle semaphore.java.lang.String
getName()
The unique name of the filter when there is more than one DosFilter instance.private DoSFilter.RateType
getPriority(javax.servlet.http.HttpServletRequest request, DoSFilter.RateTracker tracker)
Get priority for this request, based on user type(package private) DoSFilter.RateTracker
getRateTracker(javax.servlet.ServletRequest request)
Return a request rate tracker associated with this connection; keeps track of this connection's request rate.int
getThrottledRequests()
Get number of requests over the rate limit able to be considered at once.long
getThrottleMs()
Get amount of time (in milliseconds) to async wait for semaphore.int
getTooManyCode()
Status code for Rejected for too many requests.java.lang.String
getWhitelist()
Get a list of IP addresses that will not be rate limited.void
init(javax.servlet.FilterConfig filterConfig)
boolean
isEnabled()
boolean
isInsertHeaders()
Check flag to insert the DoSFilter headers into the response.boolean
isRemotePort()
Get flag to have usage rate tracked by IP+port (effectively connection) if session tracking is not used.boolean
isTrackSessions()
Get flag to have usage rate tracked by session if a session exists.protected void
onRequestTimeout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.Thread handlingThread)
Invoked when the request handling exceedsgetMaxRequestMs()
.private byte[]
prefixToBytes(int prefix, int length)
void
removeFromRateTracker(java.lang.String id)
boolean
removeWhitelistAddress(java.lang.String address)
Removes the given address from the list of whitelisted IP addresses.private void
schedule(DoSFilter.RateTracker tracker)
void
setDelayMs(long value)
Set delay (in milliseconds) that is applied to all requests over the rate limit, before they are considered at all.void
setEnabled(boolean enabled)
void
setInsertHeaders(boolean value)
Set flag to insert the DoSFilter headers into the response.void
setListener(DoSFilter.Listener listener)
void
setMaxIdleTrackerMs(long value)
Set maximum amount of time (in milliseconds) to keep track of request rates for a connection, before deciding that the user has gone away, and discarding it.void
setMaxRequestMs(long value)
Set maximum amount of time (in milliseconds) to allow the request to process.void
setMaxRequestsPerSec(int value)
Get maximum number of requests from a connection per second.void
setMaxWaitMs(long value)
Set maximum amount of time (in milliseconds) the filter will blocking wait for the throttle semaphore.void
setName(java.lang.String name)
void
setRemotePort(boolean value)
Set flag to have usage rate tracked by IP+port (effectively connection) if session tracking is not used.void
setThrottledRequests(int value)
Set number of requests over the rate limit able to be considered at once.void
setThrottleMs(long value)
Set amount of time (in milliseconds) to async wait for semaphore.void
setTooManyCode(int tooManyCode)
void
setTrackSessions(boolean value)
Set flag to have usage rate tracked by session if a session exists.void
setWhitelist(java.lang.String commaSeparatedList)
Set a list of IP addresses that will not be rate limited.protected Scheduler
startScheduler()
protected void
stopScheduler()
protected boolean
subnetMatch(java.lang.String subnetAddress, java.lang.String address)
private void
throttleRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain, DoSFilter.RateTracker tracker)
-
-
-
Field Detail
-
LOG
private static final Logger LOG
-
IPv4_GROUP
private static final java.lang.String IPv4_GROUP
- See Also:
- Constant Field Values
-
IPv4_PATTERN
private static final java.util.regex.Pattern IPv4_PATTERN
-
IPv6_GROUP
private static final java.lang.String IPv6_GROUP
- See Also:
- Constant Field Values
-
IPv6_PATTERN
private static final java.util.regex.Pattern IPv6_PATTERN
-
CIDR_PATTERN
private static final java.util.regex.Pattern CIDR_PATTERN
-
__TRACKER
private static final java.lang.String __TRACKER
- See Also:
- Constant Field Values
-
__THROTTLED
private static final java.lang.String __THROTTLED
- See Also:
- Constant Field Values
-
__DEFAULT_MAX_REQUESTS_PER_SEC
private static final int __DEFAULT_MAX_REQUESTS_PER_SEC
- See Also:
- Constant Field Values
-
__DEFAULT_DELAY_MS
private static final int __DEFAULT_DELAY_MS
- See Also:
- Constant Field Values
-
__DEFAULT_THROTTLE
private static final int __DEFAULT_THROTTLE
- See Also:
- Constant Field Values
-
__DEFAULT_MAX_WAIT_MS
private static final int __DEFAULT_MAX_WAIT_MS
- See Also:
- Constant Field Values
-
__DEFAULT_THROTTLE_MS
private static final long __DEFAULT_THROTTLE_MS
- See Also:
- Constant Field Values
-
__DEFAULT_MAX_REQUEST_MS_INIT_PARAM
private static final long __DEFAULT_MAX_REQUEST_MS_INIT_PARAM
- See Also:
- Constant Field Values
-
__DEFAULT_MAX_IDLE_TRACKER_MS_INIT_PARAM
private static final long __DEFAULT_MAX_IDLE_TRACKER_MS_INIT_PARAM
- See Also:
- Constant Field Values
-
MANAGED_ATTR_INIT_PARAM
static final java.lang.String MANAGED_ATTR_INIT_PARAM
- See Also:
- Constant Field Values
-
MAX_REQUESTS_PER_S_INIT_PARAM
static final java.lang.String MAX_REQUESTS_PER_S_INIT_PARAM
- See Also:
- Constant Field Values
-
DELAY_MS_INIT_PARAM
static final java.lang.String DELAY_MS_INIT_PARAM
- See Also:
- Constant Field Values
-
THROTTLED_REQUESTS_INIT_PARAM
static final java.lang.String THROTTLED_REQUESTS_INIT_PARAM
- See Also:
- Constant Field Values
-
MAX_WAIT_INIT_PARAM
static final java.lang.String MAX_WAIT_INIT_PARAM
- See Also:
- Constant Field Values
-
THROTTLE_MS_INIT_PARAM
static final java.lang.String THROTTLE_MS_INIT_PARAM
- See Also:
- Constant Field Values
-
MAX_REQUEST_MS_INIT_PARAM
static final java.lang.String MAX_REQUEST_MS_INIT_PARAM
- See Also:
- Constant Field Values
-
MAX_IDLE_TRACKER_MS_INIT_PARAM
static final java.lang.String MAX_IDLE_TRACKER_MS_INIT_PARAM
- See Also:
- Constant Field Values
-
INSERT_HEADERS_INIT_PARAM
static final java.lang.String INSERT_HEADERS_INIT_PARAM
- See Also:
- Constant Field Values
-
TRACK_SESSIONS_INIT_PARAM
static final java.lang.String TRACK_SESSIONS_INIT_PARAM
- See Also:
- Constant Field Values
-
REMOTE_PORT_INIT_PARAM
static final java.lang.String REMOTE_PORT_INIT_PARAM
- See Also:
- Constant Field Values
-
IP_WHITELIST_INIT_PARAM
static final java.lang.String IP_WHITELIST_INIT_PARAM
- See Also:
- Constant Field Values
-
ENABLED_INIT_PARAM
static final java.lang.String ENABLED_INIT_PARAM
- See Also:
- Constant Field Values
-
TOO_MANY_CODE
static final java.lang.String TOO_MANY_CODE
- See Also:
- Constant Field Values
-
_suspended
private final java.lang.String _suspended
-
_resumed
private final java.lang.String _resumed
-
_rateTrackers
private final java.util.concurrent.ConcurrentHashMap<java.lang.String,DoSFilter.RateTracker> _rateTrackers
-
_whitelist
private final java.util.List<java.lang.String> _whitelist
-
_tooManyCode
private int _tooManyCode
-
_delayMs
private volatile long _delayMs
-
_throttleMs
private volatile long _throttleMs
-
_maxWaitMs
private volatile long _maxWaitMs
-
_maxRequestMs
private volatile long _maxRequestMs
-
_maxIdleTrackerMs
private volatile long _maxIdleTrackerMs
-
_insertHeaders
private volatile boolean _insertHeaders
-
_trackSessions
private volatile boolean _trackSessions
-
_remotePort
private volatile boolean _remotePort
-
_enabled
private volatile boolean _enabled
-
_name
private volatile java.lang.String _name
-
_listener
private DoSFilter.Listener _listener
-
_passes
private java.util.concurrent.Semaphore _passes
-
_throttledRequests
private volatile int _throttledRequests
-
_maxRequestsPerSec
private volatile int _maxRequestsPerSec
-
_queues
private java.util.Map<DoSFilter.RateType,java.util.Queue<javax.servlet.AsyncContext>> _queues
-
_listeners
private java.util.Map<DoSFilter.RateType,javax.servlet.AsyncListener> _listeners
-
_scheduler
private Scheduler _scheduler
-
_context
private javax.servlet.ServletContext _context
-
-
Method Detail
-
init
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
- Specified by:
init
in interfacejavax.servlet.Filter
- Throws:
javax.servlet.ServletException
-
startScheduler
protected Scheduler startScheduler() throws javax.servlet.ServletException
- Throws:
javax.servlet.ServletException
-
doFilter
public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain filterChain) throws java.io.IOException, javax.servlet.ServletException
- Specified by:
doFilter
in interfacejavax.servlet.Filter
- Throws:
java.io.IOException
javax.servlet.ServletException
-
doFilter
protected void doFilter(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain) throws java.io.IOException, javax.servlet.ServletException
- Throws:
java.io.IOException
javax.servlet.ServletException
-
throttleRequest
private void throttleRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain filterChain, DoSFilter.RateTracker tracker) throws java.io.IOException, javax.servlet.ServletException
- Throws:
java.io.IOException
javax.servlet.ServletException
-
doFilterChain
protected void doFilterChain(javax.servlet.FilterChain chain, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws java.io.IOException, javax.servlet.ServletException
- Throws:
java.io.IOException
javax.servlet.ServletException
-
onRequestTimeout
protected void onRequestTimeout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.Thread handlingThread)
Invoked when the request handling exceedsgetMaxRequestMs()
.By default, an HTTP 503 response is returned and the handling thread is interrupted.
- Parameters:
request
- the current requestresponse
- the current responsehandlingThread
- the handling thread
-
closeConnection
@Deprecated protected void closeConnection(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.Thread thread)
Deprecated.- Parameters:
request
- the current requestresponse
- the current responsethread
- the handling thread
-
getPriority
private DoSFilter.RateType getPriority(javax.servlet.http.HttpServletRequest request, DoSFilter.RateTracker tracker)
Get priority for this request, based on user type- Parameters:
request
- the current requesttracker
- the rate tracker for this request- Returns:
- the priority for this request
-
getMaxPriority
protected DoSFilter.RateType getMaxPriority()
- Returns:
- the maximum priority that we can assign to a request
-
setListener
public void setListener(DoSFilter.Listener listener)
-
getListener
public DoSFilter.Listener getListener()
-
schedule
private void schedule(DoSFilter.RateTracker tracker)
-
getRateTracker
DoSFilter.RateTracker getRateTracker(javax.servlet.ServletRequest request)
Return a request rate tracker associated with this connection; keeps track of this connection's request rate. If this is not the first request from this connection, return the existing object with the stored stats. If it is the first request, then create a new request tracker.Assumes that each connection has an identifying characteristic, and goes through them in order, taking the first that matches: user id (logged in), session id, client IP address. Unidentifiable connections are lumped into one.
When a session expires, its rate tracker is automatically deleted.
- Parameters:
request
- the current request- Returns:
- the request rate tracker for the current connection
-
addToRateTracker
private void addToRateTracker(DoSFilter.RateTracker tracker)
-
removeFromRateTracker
public void removeFromRateTracker(java.lang.String id)
-
checkWhitelist
protected boolean checkWhitelist(java.lang.String candidate)
-
checkWhitelist
@Deprecated protected boolean checkWhitelist(java.util.List<java.lang.String> whitelist, java.lang.String candidate)
Deprecated.
-
subnetMatch
protected boolean subnetMatch(java.lang.String subnetAddress, java.lang.String address)
-
addressToBytes
private byte[] addressToBytes(java.lang.String address)
-
prefixToBytes
private byte[] prefixToBytes(int prefix, int length)
-
destroy
public void destroy()
- Specified by:
destroy
in interfacejavax.servlet.Filter
-
stopScheduler
protected void stopScheduler()
-
extractUserId
protected java.lang.String extractUserId(javax.servlet.ServletRequest request)
Returns the user id, used to track this connection. This SHOULD be overridden by subclasses.- Parameters:
request
- the current request- Returns:
- a unique user id, if logged in; otherwise null.
-
getMaxRequestsPerSec
@ManagedAttribute("maximum number of requests allowed from a connection per second") public int getMaxRequestsPerSec()
Get maximum number of requests from a connection per second. Requests in excess of this are first delayed, then throttled.- Returns:
- maximum number of requests
-
setMaxRequestsPerSec
public void setMaxRequestsPerSec(int value)
Get maximum number of requests from a connection per second. Requests in excess of this are first delayed, then throttled.- Parameters:
value
- maximum number of requests
-
getDelayMs
@ManagedAttribute("delay applied to all requests over the rate limit (in ms)") public long getDelayMs()
Get delay (in milliseconds) that is applied to all requests over the rate limit, before they are considered at all.- Returns:
- the delay in milliseconds
-
setDelayMs
public void setDelayMs(long value)
Set delay (in milliseconds) that is applied to all requests over the rate limit, before they are considered at all.- Parameters:
value
- delay (in milliseconds), 0 - no delay, -1 - reject request
-
getMaxWaitMs
@ManagedAttribute("maximum time the filter will block waiting throttled connections, (0 for no delay, -1 to reject requests)") public long getMaxWaitMs()
Get maximum amount of time (in milliseconds) the filter will blocking wait for the throttle semaphore.- Returns:
- maximum wait time
-
setMaxWaitMs
public void setMaxWaitMs(long value)
Set maximum amount of time (in milliseconds) the filter will blocking wait for the throttle semaphore.- Parameters:
value
- maximum wait time
-
getThrottledRequests
@ManagedAttribute("number of requests over rate limit") public int getThrottledRequests()
Get number of requests over the rate limit able to be considered at once.- Returns:
- number of requests
-
setThrottledRequests
public void setThrottledRequests(int value)
Set number of requests over the rate limit able to be considered at once.- Parameters:
value
- number of requests
-
getThrottleMs
@ManagedAttribute("amount of time to async wait for semaphore") public long getThrottleMs()
Get amount of time (in milliseconds) to async wait for semaphore.- Returns:
- wait time
-
setThrottleMs
public void setThrottleMs(long value)
Set amount of time (in milliseconds) to async wait for semaphore.- Parameters:
value
- wait time
-
getMaxRequestMs
@ManagedAttribute("maximum time to allow requests to process (in ms)") public long getMaxRequestMs()
Get maximum amount of time (in milliseconds) to allow the request to process.- Returns:
- maximum processing time
-
setMaxRequestMs
public void setMaxRequestMs(long value)
Set maximum amount of time (in milliseconds) to allow the request to process.- Parameters:
value
- maximum processing time
-
getMaxIdleTrackerMs
@ManagedAttribute("maximum time to track of request rates for connection before discarding") public long getMaxIdleTrackerMs()
Get maximum amount of time (in milliseconds) to keep track of request rates for a connection, before deciding that the user has gone away, and discarding it.- Returns:
- maximum tracking time
-
setMaxIdleTrackerMs
public void setMaxIdleTrackerMs(long value)
Set maximum amount of time (in milliseconds) to keep track of request rates for a connection, before deciding that the user has gone away, and discarding it.- Parameters:
value
- maximum tracking time
-
getName
public java.lang.String getName()
The unique name of the filter when there is more than one DosFilter instance.- Returns:
- the name
-
setName
public void setName(java.lang.String name)
- Parameters:
name
- the name to set
-
isInsertHeaders
@ManagedAttribute("inser DoSFilter headers in response") public boolean isInsertHeaders()
Check flag to insert the DoSFilter headers into the response.- Returns:
- value of the flag
-
setInsertHeaders
public void setInsertHeaders(boolean value)
Set flag to insert the DoSFilter headers into the response.- Parameters:
value
- value of the flag
-
isTrackSessions
@ManagedAttribute("usage rate is tracked by session if one exists") public boolean isTrackSessions()
Get flag to have usage rate tracked by session if a session exists.- Returns:
- value of the flag
-
setTrackSessions
public void setTrackSessions(boolean value)
Set flag to have usage rate tracked by session if a session exists.- Parameters:
value
- value of the flag
-
isRemotePort
@ManagedAttribute("usage rate is tracked by IP+port is session tracking not used") public boolean isRemotePort()
Get flag to have usage rate tracked by IP+port (effectively connection) if session tracking is not used.- Returns:
- value of the flag
-
setRemotePort
public void setRemotePort(boolean value)
Set flag to have usage rate tracked by IP+port (effectively connection) if session tracking is not used.- Parameters:
value
- value of the flag
-
isEnabled
@ManagedAttribute("whether this filter is enabled") public boolean isEnabled()
- Returns:
- whether this filter is enabled
-
setEnabled
public void setEnabled(boolean enabled)
- Parameters:
enabled
- whether this filter is enabled
-
getTooManyCode
public int getTooManyCode()
Status code for Rejected for too many requests.- Returns:
- the configured status code (default: 429 - Too Many Requests)
-
setTooManyCode
public void setTooManyCode(int tooManyCode)
-
getWhitelist
@ManagedAttribute("list of IPs that will not be rate limited") public java.lang.String getWhitelist()
Get a list of IP addresses that will not be rate limited.- Returns:
- comma-separated whitelist
-
setWhitelist
public void setWhitelist(java.lang.String commaSeparatedList)
Set a list of IP addresses that will not be rate limited.- Parameters:
commaSeparatedList
- comma-separated whitelist
-
clearWhitelist
@ManagedOperation("clears the list of IP addresses that will not be rate limited") public void clearWhitelist()
Clears the list of whitelisted IP addresses
-
addWhitelistAddress
@ManagedOperation("adds an IP address that will not be rate limited") public boolean addWhitelistAddress(@Name("address") java.lang.String address)
Adds the given IP address, either in the form of a dotted decimal notation A.B.C.D or in the CIDR notation A.B.C.D/M, to the list of whitelisted IP addresses.- Parameters:
address
- the address to add- Returns:
- whether the address was added to the list
- See Also:
removeWhitelistAddress(String)
-
addWhitelistAddress
private boolean addWhitelistAddress(java.util.List<java.lang.String> list, java.lang.String address)
-
removeWhitelistAddress
@ManagedOperation("removes an IP address that will not be rate limited") public boolean removeWhitelistAddress(@Name("address") java.lang.String address)
Removes the given address from the list of whitelisted IP addresses.- Parameters:
address
- the address to remove- Returns:
- whether the address was removed from the list
- See Also:
addWhitelistAddress(String)
-
createRemotePortId
private java.lang.String createRemotePortId(javax.servlet.ServletRequest request)
-
-